return ret;
}
+#ifndef OPENSSL_NO_ECDH
static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
int ret;
}
return rv;
}
+#endif
static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
return 1;
+#ifndef OPENSSL_NO_ECDH
case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
if (p1 == -2)
{
dctx->co_key = NULL;
}
return 1;
+#endif
case EVP_PKEY_CTRL_EC_KDF_TYPE:
if (p1 == -2)
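Review bot: The new `#ifndef OPENSSL_NO_ECDH` guard closes immediately before `case EVP_PKEY_CTRL_EC_KDF_TYPE:`, so a no-ECDH build still accepts the KDF control while the method table in this same commit replaces `pkey_ec_kdf_derive` with `0`. A caller could then configure a KDF without error and only find out at derive time that the operation is unavailable. The rest of the KDF cases lie outside this hunk, but if they only serve ECDH derivation, moving the `#endif` below the last of them would make `pkey_ec_ctrl` reject them up front. Otherwise a comment such as `/* KDF ctrls stay available without ECDH because ... */` should record why they remain.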
0,0,
0,
+#ifndef OPENSSL_NO_ECDH
pkey_ec_kdf_derive,
+#else
+ 0,
+#endif
pkey_ec_ctrl,
pkey_ec_ctrl_str
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
+#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_ECDH_AUTO:
s->cert->ecdh_tmp_auto = larg;
return 1;
+#endif
#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
EVP_PKEY *ptmp;
int rv = 0;
sc = s->session->sess_cert;
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
&& !sc->peer_ecdh_tmp)
return 0;
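Review bot: The `#if` around the early `return 0` is all-or-nothing, so the added `!defined(OPENSSL_NO_ECDH)` term removes the `peer_rsa_tmp` and `peer_dh_tmp` checks too in a build that only disables ECDH. The code after this hunk is not visible here, so it may already handle the case where no temporary key is present, but that should be confirmed. If it does, a comment on the guard such as `/* shortcut only: the per-algorithm branches below must still cope with no peer temp key */` would stop a later reader from treating this as the only check. A sturdier form would build the condition from per-algorithm `#ifndef` pieces, so that disabling one algorithm does not drop the test for the others.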
return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
parg);
+#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_ECDH_AUTO:
ctx->cert->ecdh_tmp_auto = larg;
return 1;
+#endif
#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECDH
/* if we are considering an ECC cipher suite that uses
* an ephemeral EC key check it */
if (alg_k & SSL_kEECDH)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
+#endif /* OPENSSL_NO_ECDH */
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
return 0;
}
+#ifndef OPENSSL_NO_ECDH
switch(suiteb_flags)
{
case SSL_CERT_FLAG_SUITEB_128_LOS:
/* Set auto ECDH parameter determination */
c->ecdh_tmp_auto = 1;
return 1;
+#else
+ SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+ return 0;
+#endif
}
#endif
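Review bot: The `#else` branch fails closed, which is the right outcome for Suite B, but it reuses `SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS` for a build where ECDH is compiled out, and nothing explains why. I would add a comment above the `SSLerr` line, e.g. `/* Suite B mandates ECDHE key exchange; refuse it when built with OPENSSL_NO_ECDH */`. The matching `#ifndef` opens before `switch(suiteb_flags)` in the previous hunk, and the function starts outside both, so it is worth checking that no earlier path returns 1 before this branch is reached.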
x = cpk->x509;
/* This call populates extension flags (ex_flags) */
X509_check_purpose(x, -1, 0);
+#ifndef OPENSSL_NO_ECDH
ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
(x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
+#endif
ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
(x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
if (!(cpk->valid_flags & CERT_PKEY_SIGN))
int *curves, size_t ncurves);
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str);
+#ifndef OPENSSL_NO_ECDH
int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
+#endif /* OPENSSL_NO_ECDH */
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
}
return rv;
}
+#ifndef OPENSSL_NO_ECDH
/* Check EC temporary key is compatible with client extensions */
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
{
return tls1_check_ec_key(s, curve_id, NULL);
#endif
}
+#endif /* OPENSSL_NO_ECDH */
#else
my $badcmd = 0;
my $no_ec;
my $no_ec2m;
+my $no_ecdh;
my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
system ("$ossl_path no-ec > $null_path");
{
die "Error checking for EC2M support\n";
}
+
+system ("$ossl_path no-ecdh >/dev/null");
+if ($? == 0)
+ {
+ $no_ecdh = 1;
+ }
+elsif ($? == 256)
+ {
+ $no_ecdh = 0;
+ }
+else
+ {
+ die "Error checking for ECDH support\n";
+ }
my @smime_pkcs7_tests = (
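Review bot: The added `no-ecdh` probe redirects to a hard-coded `/dev/null`, whereas the existing `no-ec` probe in this script uses `$null_path`. On a platform without `/dev/null` the redirect itself can fail, so `$?` would reflect the shell rather than `openssl`, and the script would either set `$no_ecdh` wrongly or die with "Error checking for ECDH support". Use `system ("$ossl_path no-ecdh > $null_path");` to match the other probes. A short comment on the `elsif ($? == 256)` branch, e.g. `# exit status 1: the no-ecdh probe reports the feature as enabled`, would also help, since the raw wait status is not self-explanatory.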
print "$tnam: skipped, EC disabled\n";
next;
}
+ if ($no_ecdh && $tnam =~ /ECDH/)
+ {
+ print "$tnam: skipped, ECDH disabled\n";
+ next;
+ }
if ($no_ec2m && $tnam =~ /K-283/)
{
print "$tnam: skipped, EC2M disabled\n";